undefined | Better HN

0 pointsbin_bash4y ago0 comments

I love that Biden's putting his password into ~/.bash_history

0 comments

4 comments · 1 top-level

rollcat4y ago· 3 in thread

It's also visible in the process table (ps auxww). It can be erased by rewriting the arguments from inside the process (I think this is OS-specific, not the same as changing argv in-place), but that is a race condition.

The safe way is to either read it from stdin/fd (maybe call isatty(3) to check if someone doesn't echo password | ./foo), or open a file (check if permissions are 600). You could also have a named socket (check permissions!) talking to an authn agent, which could be doing some other fancy stuff like pinging your smartwatch to confirm, etc.

fragmede4y ago

another option is in an env variable (from an encrypted file).

    gpg -d ~/secrets/nuclear_launch_codes.gpg
    source ~/secrets/nuclear_launch_codes

where the gpg key has a password and is stored on a hardware dongle that doesn't allow copying the private key off. If you really want to be fancy, there are some hardware security keys that also require a biometric to confirm.

The other option is something like Hasicorp Vault, but we're way out of "one line bash" territory :p

bin_bashOP4y ago

can't you do `cat /proc/$PID/environ`?

1 more reply

junon4y ago

> It can be erased by rewriting the arguments from inside the process

Please nobody rely on this behavior. :O

j / k navigate · click thread line to collapse